<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
~ Copyright (c) 2005-2011, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~    http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied.  See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"></meta>
<title>Registry Security (Secure Vault Tool) - User Guide</title>
<link href="../../admin/css/documentation.css" rel="stylesheet"
	type="text/css" media="all" />
</head>

<body>

	<h1>Secure Vault Tool</h1>

	<p>WSO2 G-Reg 5.0.0 onwards a UI component has been shipped to secure
		all the in-line passwords configured in G-Reg RXT configuration.
		This guide describes how security component can be
		configured for use effectively.</p>

	<h2>How it Works?</h2>
	<p>Since the Security implementation has been based on
		the WSO2 Carbon Secure Vault API, it's required that the user need to
		run pre Cipher tool configuration script to setup the secure vault
		environment</p>

	<ul>
		<li>Carbon Server's primary keystore is used for encrypting and
			decrypting passwords, which can be found in
			PRODUCT_HOME/repository/resources/security folder.</li>
		<li>Secret-conf.properties (this file keeping the all the
			required pre-configuration that will be read during the password
			encryption decryption operation)</li>

	</ul>



	<p>e.g secret-conf.properties</p>

	<p>keystore.identity.location=GREG_HOME/repository/resources/security/wso2carbon.jks</p>
	<p>keystore.identity.type=JKS</p>
	<p>keystore.identity.store.password=identity.store.password</p>
	<p>keystore.identity.store.secretProvider=com.sample.password.callback.handler.HardCodedSecretCallbackHandler</p>
	<p>secretRepositories.file.provider=org.wso2.securevault.secret.repository.FileBaseSecretRepositoryProvider</p>
	<p>secretRepositories.file.location=repository/conf/security/cipher-text.properties</p>
	<p>secretRepositories=file</p>
	<p>keystore.identity.key.password=identity.key.password</p>
	<p>carbon.secretProvider=org.wso2.securevault.secret.handler.SecretManagerSecretCallbackHandler</p>
	<p>keystore.identity.key.secretProvider=com.sample.password.callback.handler.HardCodedSecretCallbackHandler</p>
	<p>keystore.identity.alias=wso2carbon</p>


	<p>
		<img alt="Uploading Registry Libraries" src="images/listView.png" />
	</p>
	<p style="font-style: italic;">
		<strong>Figure 1:</strong> Secure Vault password management tool list
		view
	</p>



	<h2>Sample</h2>
	<p></p>
	<p>&lt;twitter.config&gt;</p>
	<p>&lt;consumerSecret&gt;xx&lt;/oauth.consumerSecret&gt;</p>
	<p>
		&lt;accessTokenSecret&gt;<b>{wso2:vault-lookup('xx')}</b>&lt;/accessTokenSecret&gt;
	</p>
	<p>
		&lt;accessToken&gt;<b>{wso2:vault-lookup('xx')}</b>&lt;/accessToken&gt;
	</p>
	<p>
		&lt;consumerKey&gt;<b>{wso2:vault-lookup('xx')}</b>&lt;/consumerKey&gt;
	</p>
	&lt;/twitter.config&gt;

</body>
</html>


